State-sponsored hackers are leveraging WinRAR bug

Government-backed hackers from Russia and China exploited a known vulnerability in outdated versions of WinRAR, the world's most popular compression tool with over 500 million users. Google's Threat Analysis Group (TAG) said Wednesday it observed a number of government-backed hacking campaigns utilizing the WinRAR bug starting in early 2023.

The way it works: You open a malicious zip file in WinRAR, which is your default program for all compressed file formats on your PC (after you've installed WinRar, of course). It's full of seemingly innocent documents - PDFs, text files, JPG images. You double-click on one to open it, which it does. But unbeknownst to you, WinRAR was also tricked into loading a script in the background, which installs malware that lets attackers steal money from brokerage accounts.

"To ensure protection, we urge organizations and users to keep software fully up-to-date and to install security updates as soon as they become available," said Google's Kate Morgan in a TAG blog post.

As reported by Bleeping Computer, WinRAR version 6.23 fixes this issue along with others, like a flaw that allows commands to be executed if you open certain kinds of rar files. (That is, RAR files created in a specific way to exploit that flaw.) It released on August 2 and should be available to all WinRAR users. The newest release, 6.24, also addressed the security issue. You’ll need to manually download the newer versions, and WinRAR lacks an automatic update function.

Read more -here-

• CISA warns of actively exploited D-Link router vulnerabilities
• X finally moves away from Twitter.com
• Apple's new accessibility features let you control an iPhone or iPad with your eyes
• Comcast unveils streaming bundle that includes Apple TV+, Peacock and Netflix
• John Deere says solar storm compromised GPS tracking on tractors
• Dell confirms database hacked - hacker says 49 million customers hit